Webhooks

Webhooks are mechanism that allows Donorfy to notify another 'receiving' system when data has been added, changed or deleted.

This is an advanced feature - you may need programming skills or the help from a Donorfy partner to make use of this feature.

The receiving system must be capable of listening out for the notifications sent by Donorfy and handling the notifications when they are received. When a notification is received the receiving system will usually make a call to the Donorfy API to retrieve more information.

To set up a webhook go into settings are search for Webhooks, press the Add Webhook button - see the example screen below - and enter

a name for the webhook - this is to help you identify where the notifications are being sent

the URL where the receiving system is listening for notifications

whether operations from a selected api permission should be ignored - see below for more information

indicate when notifications should be sent - press Save Changes.

Your webhook will be shown in the list of Existing Webhooks - see below.

If this is the case your webhook may need to ignore the Api permission it works with.

This is to avoid an endless loop where a webhook notification is sent which triggers a receiving system to call the API, this call then triggers the sending of another notification which in turn triggers another api call which triggers another notification and so on.

Private Key

Donorfy will generate a 'Private Key' for your webhook - this key is used to create a unique hashed message authentication code which will be sent with every notification. This code allows you to check that the notification was sent by Donorfy - see below for more information.

You can change or delete your existing webhooks as needed.

What Does a Webhook Notification Contain?

When data is added, changed or deleted Donorfy will send the notification as a http post operation to the URL in the webhook setup. The way notifications are processed means there may be a short delay - typically around a minute - between making a change in Donorfy and the notification being sent.

The notification will contain the following:

MessageId - this is a unique identifier for the message

MessageType - this describes the operation that caused the notification to be sent - e.g. ConstituentChange - see the list below

RelatedId - this is a id of the entity the message relates to - e.g. for a ConstituentUpdated this would contain the Id of the constituent that had been updated

MessageToken - this a hashed message authentication code (HMAC) The message HMAC uses SHA-256 as its message digest algorithm, it is calculated from a combination of the MessageId, Message Type, Related Id and the Private Key. You can recalculate the message token and compare it with the value in the message to check the message is valid. For testing an online HMAC tester can be found here

Data - this is an optional dictionary - ie. key / value pairs - which can contain further information